Skip to first unread message
Victor Congionti
Jan 10, 2014, 4:55:31 PM1/10/14
to openesig...@googlegroups.com
What is the best practice for masking credit card information / CCV information after a customer submits form? We basically hold onto that information until after our service is completed and then bill the client.
I see there is an option for each field to "Mask in data snapshot." If checked, will we be able to see this information by logging in if we would need to charge a credit card? Per PCI, technically this information should be masked after a transaction so I was wondering the best way to implement this in our scenario.
Open eSignForms
Jan 10, 2014, 5:29:32 PM1/10/14
to openesig...@googlegroups.com
For General (CCV) and Credit Card # fields, the field's display format will allow you to have the data be masked in review mode. Per PCI compliance, you should blank out the CCV and either blank out or mask the CC# once the party who needs to view them has processed it.
You can also use mask in data snapshot to ensure that the secure data is not stored in the digitally signed data as well. This does not change the value of the data in the transaction, which is why the party who processes the transaction afterwards can still see the information. But once they are done, custom logic should be used to blank them out using SET FIELD VALUE actions.
You can also use mask in data snapshot to ensure that the secure data is not stored in the digitally signed data as well. This does not change the value of the data in the transaction, which is why the party who processes the transaction afterwards can still see the information. But once they are done, custom logic should be used to blank them out using SET FIELD VALUE actions.
Reply all
Reply to author
Forward
0 new messages